Claims:

1. A method of authenticating a user of a second system where the user has an authenticated identity in a first system, comprising the steps of:
the second system causing a key to be generated for use in the second system;
the second system generating a certificate for the key; and
signing the certificate for the key using the authenticated identity of the user in the first system.

2. A method as defined in claim 1, wherein the key is generated by the second system.

3. A method as defined in claim 1, wherein the key is generated by the first system.



4. A method as defined in claim 1, further comprising the step of: a third party communicating with the user of the second system and verifying the user of the second system by the authenticated identity of the user of the first system.

5. A method as defined in claim 4, wherein the third party is a server.

6. A method as defined in claim 4, wherein the key comprises a private-public key pair and where the certificate includes the public key of the key pair.

7. A method as defined in claim 6, wherein the certificate further includes an identity which is the same as the authenticated identity of the user of the first system.



8. A method as defined in claim 7, where the authenticated identity of the user in the first system comprises a private-public key pair and a certificate issued by a Certification Authority, and where the signing of the second system generated certificate is by hashing at least some data in the certificate to obtain a hash value, encrypting this hash value using the private key of the first system private-public key pair, and adding the encrypted hash value to the certificate.

9. A method as defined in claim 8, wherein the private key of the first system private-public key pair is stored in a wireless identity module.

10. A method as defined in claim 9, wherein the private key of the first system is accessed by entry of a password.



11. A method as defined in claim 6, where the identity of the user in the first system comprises a private-public key pair and an associated certificate issued by a Certification Authority.

12. A method as defined in claim 11, wherein the private key of the first system private-public key pair is stored in a wireless identity module.

13. A method as defined in claim 12, wherein the private key of the first system is accessed by entry of a password.

14. A method as defined in claim 1, wherein the authenticated identity of the user of the first system forming at least part of the signing of the certificate for the key for use in the second system includes encryption of data with the private key of the user of the first system, wherein the identity of the user of the first system is certified by a Certification Authority through a corresponding public key for the user of the first system.

15. A method as defined in claim 14, wherein prior to signing the certificate for the key for use in the second system, the user of the first system obtains access to its private key by entry of a password.

16. A method as defined in claim 15, wherein the password is a personal identification number.

17. A method as defined in claim 1, wherein the certificate for the key includes the full certification tree for the key, said full certification tree including a certificate of the first system for the user of the first system.

18. A method as defined in claim 1, wherein the first system is a wireless communication system.

19. A method as defined in claim 18, wherein the second system is a computer connected to the Internet.

20. A method as defined in claim 17, wherein the second system uses a security protocol for establishing a secure session.

21. A method as defined in claim 20, wherein the security protocol is selected from the group consisting of Transport Layer Security, IP Security Protocol and Secure Socket Layer.

22. A method as defined in claim 20, wherein the wireless communication system uses a wireless identity module (WIM) in an associated wireless device of the user of the first system for establishing the identity of the user of the first system.

23. A method as defined in claim 22, wherein the WIM contains a private key of the user of the first system and wherein a corresponding public key of the user of the first system is certified by a Certification Authority.

24. A method as defined in claim 1, wherein the certificate for the key for use in the second system contains one or more usage limitations.

25. A method as defined in claim 24, wherein one usage limitation is that a third party of the second system should accept the key for use in the second system only for certain types of operations.

26. A method as defined in claim 25, wherein an accepted operation is the use of the key for use in the second system for encryption of data but not for signature verification.

27. A method as defined in claim 1, where the certificate does not contain the identity of the user associated with the user generated key, and where the signing of the certificate using the authenticated identity of the user of the first system includes appending the full certification tree of the first user to the user generated key.



28. A method as defined in claim 1, where the first and second users are the same entity.
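The method of claims 1 through 28, carried through end to end as an added worked example. This is illustrative code written for this page, not code from the patent or its assignee, and the claims fix none of its concrete choices: certificates are JSON objects, the hash is SHA-256, the "encrypt the hash value with the private key" step of claim 8 is realised with unpadded textbook RSA over a freshly generated 512-bit modulus per party, and the subscriber identifier, PIN and usage strings are constructed sample data. The names tbs_bytes, WIM, second_system_new_cert, first_system_sign, third_party_verify and run_scenario are this example's own. Unpadded RSA is used only because it matches the claim wording literally; a deployed WIM would use a padded signature scheme (RSA-PSS or ECDSA) over a standard certificate format.

```python
# Added example (not from the patent): JSON certificates, SHA-256 and unpadded textbook RSA are assumed.
import copy, hashlib, hmac, json, secrets

def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin; enough for a demonstration key generator."""
    d, r = n - 1, 0
    while d % 2 == 0: d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # full bit length, odd
        if is_probable_prime(cand):
            return cand

def gen_keypair(bits: int = 512):
    """Returns (public (n, e), private (n, d))."""
    e = 65537  # two (bits//2)-bit primes give n >= 2**(bits-2), larger than any SHA-256 value
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def sign_hash(priv, data: bytes) -> int:
    """Claim 8: hash the data, then 'encrypt' the hash value with the private key."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)

def verify_hash(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def tbs_bytes(cert: dict) -> bytes:
    """Canonical to-be-signed encoding: everything except the signature and the appended chain."""
    tbs = {k: v for k, v in cert.items() if k not in ("signature", "chain")}
    return json.dumps(tbs, sort_keys=True, separators=(",", ":")).encode()

def ca_issue_identity(ca_priv, subject: str, user_pub) -> dict:
    """Certification Authority certifies the first-system identity (claims 8, 23)."""
    cert = {"issuer": "CA", "subject": subject, "public_key": list(user_pub)}
    cert["signature"] = sign_hash(ca_priv, tbs_bytes(cert))
    return cert

class WIM:
    """Wireless identity module: the private key is usable only after the correct PIN (claims 9, 10, 16)."""
    def __init__(self, priv, pin: str):
        self._priv, self._pin = priv, pin.encode()
    def pin_ok(self, pin: str) -> bool:
        return hmac.compare_digest(pin.encode(), self._pin)
    def sign(self, pin: str, data: bytes) -> int:
        if not self.pin_ok(pin):
            raise PermissionError("wrong PIN")
        return sign_hash(self._priv, data)

def second_system_new_cert(usage):
    """Claims 1, 6, 24-27: fresh key pair and an unsigned certificate with public key and usage limits, no identity."""
    pub, priv = gen_keypair()
    return {"public_key": list(pub), "usage": list(usage)}, priv

def first_system_sign(wim: WIM, pin: str, cert: dict, identity_cert: dict) -> dict:
    """Claims 8, 17, 27: the WIM signs the certificate and the full certification tree is appended."""
    signed = dict(cert)
    signed["signature"] = wim.sign(pin, tbs_bytes(cert))
    signed["chain"] = [identity_cert]
    return signed

def third_party_verify(ca_pub, signed_cert: dict, operation: str) -> bool:
    """Claims 4, 5, 25, 26: the server walks the chain to the CA and enforces the usage limitation."""
    chain = signed_cert.get("chain", [])
    if len(chain) != 1 or chain[0].get("issuer") != "CA":
        return False
    ident = chain[0]
    return (verify_hash(ca_pub, tbs_bytes(ident), ident["signature"])
            and verify_hash(ident["public_key"], tbs_bytes(signed_cert), signed_cert["signature"])
            and operation in signed_cert.get("usage", []))

def run_scenario() -> dict:
    ca_pub, ca_priv = gen_keypair()
    user_pub, user_priv = gen_keypair()
    wim = WIM(user_priv, "1234")  # constructed PIN
    identity = ca_issue_identity(ca_priv, "subscriber-0001", user_pub)  # constructed subject
    cert, _second_priv = second_system_new_cert(["encrypt"])
    signed = first_system_sign(wim, "1234", cert, identity)
    tampered = copy.deepcopy(signed)
    tampered["usage"].append("signature_verification")  # usage widened after signing
    return {
        "encrypt_accepted": third_party_verify(ca_pub, signed, "encrypt"),
        "sigverify_accepted": third_party_verify(ca_pub, signed, "signature_verification"),
        "tampered_accepted": third_party_verify(ca_pub, tampered, "signature_verification"),
    }
```

run_scenario() shows the server side of claims 4, 25 and 26: the same signed certificate is accepted for encryption and refused for signature verification, and a certificate whose usage list is widened after signing fails because the usage limitations are part of the hashed data. The third party accepts the second-system user only because the appended chain ends in a CA-issued certificate for the first-system identity (claims 17 and 27), and the WIM releases its private key only on the correct PIN.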



29. A method of authenticating a user in a network environment where the user has an authenticated identity not associated with said network environment, comprising the steps of:
generating a key for use in the network environment;
generating a certificate for the key; and
signing the certificate for the key using the user's authenticated identity.

30. A system for authenticating a user of a second system where the user has an authenticated identity in a first system, comprising:
a device forming part of the second system, the device having means for causing a key to be generated for use in the second system,
said device of the second system having means for generating a certificate for the key; and
a second device forming part of the first system, the second device having means for storing information regarding the authenticated identity of the user in the first system,
said second device further having means for communicating said information; and
wherein the device of the first system has means for receipt of said information from the second device, and further has means for signing the certificate for the key using the authenticated identity of the user in the first system.

31. A system as defined in claim 30, wherein the device of the second system further comprises means for generating said key.

32. A system as defined in claim 30, wherein the second device forming part of the first system further comprises means for generating said key.

33. A system as defined in claim 30, wherein a third party communicates with the user of the second system, said third party communicating via a third device, said third device having means for verifying the user of the second system by the authenticated identity of the user of the first system.

34. A system as defined in claim 33, wherein the third device is a server.

35. A system as defined in claim 30, wherein the key comprises a private-public key pair and where the certificate includes the public key of the key pair.

36. A system as defined in claim 35, wherein the certificate further includes an identity which is the same as the authenticated identity of the user of the first system.
37. A system as defined in claim 36, where the authenticated identity of the user in the first system comprises a private-public key pair and a certificate issued by a Certification Authority, and where the means for signing the second system generated certificate is by encrypting this second system generated certificate using the private key of the first system private-public key pair.

38. A system as defined in claim 37, wherein the private key of the first system private-public key pair is stored in a wireless identity module forming part of the second device.

39. A system as defined in claim 38, wherein the second device includes means for user entry of information, wherein the private key of the first system is accessed by entry of a password via said user entry means.

40. A system as defined in claim 35, where the identity of the user in the first system comprises a private-public key pair and an associated certificate issued by a Certification Authority.

41. A system as defined in claim 40, wherein the private key of the first system private-public key pair is stored in a wireless identity module forming part of the second device.

42. A system as defined in claim 41, wherein the private key of the first system is accessed by entry of a password.

43. A system as defined in claim 30, where the user of the first system authenticated identity includes a private-public key pair, where the identity of the user of the first system is certified by a Certification Authority through a corresponding public key for the user of the first system, and wherein the means for signing the certificate includes signing the certificate for the key for use in the second system by encryption of data with the private key of the user of the first system.

44. A system as defined in claim 43, wherein the second device includes means for user entry of information, and wherein the user of the first system obtains access to its private key by entry of a password via said user entry means.

45. A system as defined in claim 44, wherein the password is a personal identification number.

46. A system as defined in claim 30, wherein the certificate for the key includes the full certification tree for the key, said full certification tree including a certificate of the first system for the user of the first system.



47. A system as defined in claim 30, wherein the first system is a wireless communication system.

48. A system as defined in claim 47, wherein the second system is a computer connected to the Internet.

49. A system as defined in claim 44, wherein the second system uses a security protocol for establishing a secure session.

50. A system as defined in claim 49, wherein the security protocol is selected from the group consisting of Transport Layer Security, IP Security Protocol and Secure Socket Layer.

51. A system as defined in claim 49, wherein the second device forming part of the wireless communication system includes a wireless identity module (WIM) for storing information used to establish the identity of the user of the first system.
52. A system as defined in claim 51, wherein the WIM contains a private key of the user of the first system and wherein a corresponding public key of the user of the first system is certified by a Certification Authority.

53. A system as defined in claim 30, wherein the certificate for the key for use in the second system contains one or more usage limitations.

54. A system as defined in claim 53, wherein one usage limitation is that a third party of the second system should accept the key for use in the second system only for certain types of operations.

55. A system as defined in claim 54, wherein an accepted operation is the use of the key for use in the second system for encryption of data but not for signature verification.

56. A system as defined in claim 30, where the certificate does not contain the identity of the user associated with the user generated key, and where the means for signing of the certificate using the authenticated identity of the user of the first system including appending the full certification tree of the first user to the user generated key.

57. A system as defined in claim 30, where the first and second users are the same entity.

58. A system for authenticating a user in a network environment where the user has an authenticated identity not associated with said network environment, comprising:
means for generating a certificate for the key; and
means for signing the certificate for the key using the user's authenticated identity.






944-005.002 NC28448 

59. A device for authenticating a user of a second system where the user has an authenticated identity in a first system, wherein the device forms part of the second system comprising:
means for generating a key for use in the second system;
means for generating a certificate for the key;
means for transferring the certificate to a device forming part of the first system, said device of the first system having information concerning the authenticated identity of the user in the first system, so as to sign the certificate using the authenticated identity of the user in the first system; and
wherein said device of the second system further comprises means for receipt of said signed certificate and means for transferring the signed certificate to a third party of said second system.

60. A wireless device for use in authenticating a user of a second system where the user has an authenticated identity in a first system associated with the wireless device, wherein the second system includes a device having means for causing a key to be generated for use in the second system, means for generating a certificate for the key, and means for transferring the certificate to another device;
wherein the wireless device comprises:
means for storing information regarding the authenticated identity of the user in the first system;
means for receipt of the certificate from the second device; and
means for signing the certificate using the authenticated identity of the user in the first system and transferring the signed certificate to the device of the second system.

61. A wireless device as defined in claim 60, wherein the second device includes means for generating the key to be used in said second system.

62. A wireless device as defined in claim 56, wherein the wireless device further comprises means for generating the key to be used in the second system.

63. A wireless device as defined in claim 60, where the authenticated identity of the user in the first system comprises a private-public key pair and a certificate issued by a Certification Authority, and where the means for signing the second system generated certificate is by encrypting this second system generated certificate using the private key of the first system private-public key pair, wherein the wireless device includes a wireless identity module for storing said private key of the first system private-public key pair.

64. A wireless device as defined in claim 63, wherein the wireless device includes means for user entry of information, wherein the private key of the first system is accessed by entry of a password via said user entry means.



65. A computer program product for implementing the authentication of a user of a second system where the user has an authenticated identity in a first system, comprising:
a computer readable medium;
a device forming part of the second system, the device having program code in said computer readable medium for generating a key for use in the second system,
said device of the second system having program code in said computer readable medium for generating a certificate for the key; and
a second device forming part of the first system, the second device having program code in said computer readable medium for storing the authenticated identity of the user in the first system; and
wherein the second device has program code in said computer readable medium for signing the certificate generated by the device of the second system using the information regarding the authenticated identity of the user in the first system and transferring the signed certificate to the device of the second system.